|
|
Colapse all |
Post message
[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities 2005-01-27 chewkeong security org sg Ingate Firewall: Removed PPTP tunnels not deactivated 2005-01-27 Per Cederqvist (ceder ingate com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: Ingate Firewall Versions: 4.1.3 and earlier Tracking ID: 1826 Summary ======= Active PPTP tunnels in Ingate Firewall are not deactivated when a PPTP user is disabled. If a user has an active PPTP connection to an Ingate Firewall, and that us [ more ] [ reply ] NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name 2005-01-27 NSFOCUS Security Team (security nsfocus com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NSFOCUS Security Advisory(SA2005-01) Topic: Buffer Overflow in WinAMP in_cdda.dll CDA Device Name Release Date: 2005-01-27 CVE CAN ID: CAN-2004-1150 http://www.nsfocus.com/english/homepage/research/0501.htm Affected systems & software ============= [ more ] [ reply ] HKLM locking 2005-01-27 Vladimir Kraljevic (vladimir_kraljevic yahoo com) NOTE: Already posted to vuln-dev. Because I'm not receiving comments, I believe that this one is real. Dear list, please inspect the following, your input is welcome. Vendors (Microsoft and unspecified AV company) are contacted two months ago, I'm not satisfied with their response and here is the [ more ] [ reply ] DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid' 2005-01-27 KF (Lists) (kf_lists digitalmunition com) NOVL-2005-10096251 GroupWise WebAccess Error modules loading(report) 2005-01-27 Ed Reed (ereed novell com) [CLA-2005:923] Conectiva Security Announcement - squid 2005-01-26 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : squid SUMMARY : Fixes for squid vulnerabiliti [ more ] [ reply ] Multiple Vulnerabilities in Pocket IE 2005-01-27 kers0r (root asylum-nz com) Multiple Vulnerabilities in Pocket IE -------------------------------------- Pocket IE Attack Overview: There are several weaknesses in Pocket IE that can be used to trick end users into submitting local and/or sensitive data, such as usernames and passwords. The potential for exploiting these [ more ] [ reply ] MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerability 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) [SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities 2005-01-26 joey infodrom org (Martin Schulze) Black Hat new content on-line & Registration now open for Asia and Europe. 2005-01-26 Jeff Moss (jmoss blackhat com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Bugtraq readers, I would like to make some brief announcements about past as well as upcoming Black Hat events. First, new content is on-line from our Tokyo, Japan conference. Please check out our free media archives of past presentations: http [ more ] [ reply ] iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability 2005-01-26 iDefense Customer Service (customerservice idefense com) Openswan XAUTH/PAM Buffer Overflow Vulnerability iDEFENSE Security Advisory 01.26.05 www.idefense.com/application/poi/display?id=190&type=vulnerabilities January 26, 2005 I. BACKGROUND Openswan is an open source implementation of IPSEC for the Linux Operating System. Openswan is based on the dis [ more ] [ reply ] [SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass 2005-01-26 joey infodrom org (Martin Schulze) UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking 2005-01-26 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking Advisory number: SCOSA-2005.8 Issue date: 2005 [ more ] [ reply ] Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers 2005-01-26 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers Revision 1.0 For Public Release 2005 January 26 1600 (GMT) - ------------------------------------------------------------------------ -- Contents Summary Affected Product [ more ] [ reply ] Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause Reload 2005-01-26 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause Reload Revision 1.0 For Public Release 2005 January 26 1600 UTC (GMT) - ------------------------------------------------------------------------ -- Contents Summary Affected Produc [ more ] [ reply ] Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes Reload 2005-01-26 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes Reload Revision 1.0 For Public Release 2005 January 26 1600 UTC (GMT) - ----------------------------------------------------------------------- Contents ======== Summary Affecte [ more ] [ reply ] MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerability 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) DMA[2005-0125a] - 'berlios gpsd format string vulnerability' 2005-01-26 KF (Lists) (kf_lists digitalmunition com) MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) List of all admin accounts in phpBB 2005-01-25 Predrag Damnjanovic (bugtraq mycity co yu) (1 replies) After discovering 'highlight' vulnerability in phpBB, many forums were patched, but... it is possible that attackers created a [secret] admin accounts... It is very hard to find secret admin accounts if the forum has too many users... you must check every account... So, here is a simple PHP scri [ more ] [ reply ] MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities 2005-01-26 Mandrake Linux Security Team (security linux-mandrake com) OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions 2005-01-25 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions Advisory number: SCOSA-2005.6 Issue date: 200 [ more ] [ reply ] |
|
Privacy Statement |
SIG^2 Vulnerability Research Advisory
Magic Winmail Server v4.0 Multiple Vulnerabilities
by Tan Chew Keong
Release Date: 27 Jan 2005
ADVISORY URL
http://www.security.org.sg/vuln/magicwinmail40.html
SUMMARY
Magic Winmail Server (http://www.magicwinmail.net/) is an enterprise class mail serv
[ more ] [ reply ]